You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Windows has encountered a critical problem and will restart automatically in one minute. Please save your work Now

It looks like I've picked up a virus while browsing the internet (Drive-by infection). The computer was operating OK except last night I heard it playing a video talking about meryl streep (through the speakers) but there was no window open (a bit sus). Then when I checked this morning, I saw that System Centre essentials, Windows update, Firewall and whatever Windows Defender is now called have all been disabled (computer still functioning OK though...).

I then tried to reinstall System Centre Essentials and now get a message every time I boot the computer saying "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work Now". This happens in Normal and Safe Mode.

I'm not running a CD Drive emulator, and I'd love some suggestions on how to tackle this given my 1 minute window of opportunity when the computer boots.

Thanks!

[Edit] Just tried rebooting my PC this morning, it looks like I have picked up the sirefef virus (or a variant) - the latest definitions from MSE picked it up. It's still doing the reboot every minute trick though, and the files keep reappearing after i "Clean" them.

[Edit #2] I have used Kaspersky Rescue Disk 10 (http://support.kaspersky.com/viruses/rescuedisk/) to locate the original version of Services.exe in the winsxs folder and copy it back to the c:\windows\system32\ folder (after renaming the one sirefef put there) could have done the same using BartPE or something too, I suppose. This has stopped the "Reboot after a minute" issue.

I've then run SCE and removed the virus, rebooted and removed the virus again (so still infected at this point, but at least I can interact with and run apps in my computer).

I then used Panda Security's Yorkyt.exe tool to remove the virus (or at least the variants it could detect), and no longer have heaps of instances of consrv.dll appearing in my event log.

Windows updates does not work, Windows defender is not working, so there is still some work to do.

At this stage, I have a somewhat operational system that seems to be free of an active instance of Sirefef, however I still have problems with my PC and would still like to go through the detection and removal process to see if there are any other malware / virus apps it has dropped on, or if there are still pieces of it on the system.

I do not intend to make any other changes until told to do so via advice through this forum. Appreciate anyone's assistance with this

BC AdBot (Login to Remove)

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

A small box will open, with an explanation about the tool. No input is needed, the scan is running.

Notepad will open with the results.

Follow the instructions that pop up for posting the results.

Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!